CN117478422A - Interface data acquisition method and system based on password-free login in decoupling state - Google Patents

Interface data acquisition method and system based on password-free login in decoupling state

Info

Publication number
CN117478422A
Authority
CN
China
Prior art keywords
password
user
information
login
free
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311622374.2A
Other languages
Chinese (zh)
Inventor
易翻
温盛锆
吕胜
张国兵
杨海荣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Sefon Software Co Ltd
Original Assignee
Chengdu Sefon Software Co Ltd
Application filed by Chengdu Sefon Software Co Ltd
Priority to CN202311622374.2A
Publication of CN117478422A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of data acquisition, in particular to a method and a system for acquiring interface data based on password-free login in a decoupling state. The method avoids redirecting the user to a login interface when password-free login is carried out, and, by decoupling from the existing service, acquires interface data through password-free login in a hot-pluggable manner.

Description

Interface data acquisition method and system based on password-free login in decoupling state
Technical Field
The invention relates to the technical field of data acquisition, in particular to a method and a system for acquiring interface data based on password-free login in a decoupling state.
Background
Acquiring interface data generally involves sending HTTP requests and retrieving response data from a server: the URL of the interface is determined, an HTTP request is sent, the response data (typically in JSON format) is received, errors are handled, and the data is used. Once the interface data has been obtained and parsed, it can be used in an application or website.
For the safety and reliability of the application server, the server releases only the data of common interfaces, and most interfaces are not released. When the user interface data is not released, the client still needs to access it while not logged in, because the client needs the service interface data; since the client has no login, authentication fails.
The current method for realizing login-free access for a user comprises the following steps: acquiring the account information entered when the user logs in to an application program, and executing the login operation according to the login prompt of the application program; acquiring the URL address after the login operation is executed; storing the URL address in a Cookie; and, if an external plug-in requires the user to log in, obtaining the URL address from the Cookie and opening it, so that the user does not need to log in.
However, after the product client is downloaded and installed, the user has not logged in and the design does not require a login, so authentication fails when the user interface is accessed, because the interface is not released for application security reasons.
Disclosure of Invention
The invention aims to provide a method and a system for acquiring interface data based on password-free login in a decoupling state, so as to solve the problems in the prior art.
The embodiment of the invention is realized by the following technical scheme:
In a first aspect, the present invention provides a method for obtaining interface data based on password-free login in a decoupling state, including:
establishing a password-free login menu authority through a user management system, authorizing a designated user through the password-free login menu authority, the authorized designated user calling an interface at a client;
binding designated user information for the client through the browser, judging whether the designated user is logged in, and, if the designated user is logged in, responding with the interface information and returning the data to the client;
if the designated user is not logged in, judging whether the designated user has the password-free login permission, and, if the designated user does not have the password-free login permission, feeding back authentication-free information;
if the designated user has the password-free login permission, carrying out cracking identity authentication through an XSS attack or replay attack interceptor, automatically supplementing the password of the user through the user management system according to the currently configured password generation rule, and generating related user cache object information;
and, if the login succeeds, responding with the interface information and returning the data to the client, and, if the login fails, feeding back abnormal information.
In an embodiment of the present invention, establishing the password-free login menu authority and authorizing the designated user through the password-free login menu authority includes:
obtaining all user information and marking each user who needs to be authorized with a password-free login identifier to form a first authority directory, wherein the first authority directory records the designated users;
authorizing the designated users one by one according to the user list in the first authority directory, and writing an encryption command carrying the authorization information at the time of authorization;
and acquiring all user information again, extracting the user information that carries the encryption command to form a second authority directory, and checking the user information in the second authority directory against the user information in the first authority directory; if the two are completely consistent, the authorization process is complete, and if they are inconsistent, an error is reported as feedback.
In an embodiment of the present invention, binding the designated user information for the client through the browser includes:
after the client is installed, acquiring the information of the designated user and checking the encryption command of the designated user;
after the encryption command has been checked without error, binding the designated user information for the client through the browser.
In one embodiment of the present invention, determining whether the password-free login permission exists includes:
acquiring the encryption command of the designated user information, and decrypting the encryption command to obtain the authorization information;
checking the authorization information and judging whether it is correct; if the authorization information is correct, the designated user has the password-free login permission, otherwise the designated user does not have the password-free login permission.
In one embodiment of the present invention, writing the encryption command carrying the authorization information includes:
creating a public key and a private key, sending the public key to the client, the client creating a first key and first authorization data, performing hash value calculation on the first authorization data to obtain a first check value, and sending the private key to a data acquisition end that acquires the encryption command of the designated user information;
and encrypting the data with the first key and an encryption algorithm to obtain a ciphertext, encrypting the first key with the public key to obtain a second key, and transmitting the ciphertext and the second key to the data acquisition end.
In one embodiment of the present invention, decrypting the encryption command includes:
when the data acquisition end requests the authorization information, decrypting the second key with the private key through a decryption algorithm to obtain the first key;
decrypting the ciphertext with the first key through a decryption algorithm to obtain second authorization data, and performing hash value calculation on the second authorization data to obtain a second check value;
if the first check value and the second check value are consistent, outputting the first authorization data, and if they are inconsistent, refusing the request.
In an embodiment of the invention, creating the public key and the private key includes:
pk=P(seed)
wherein pk represents a public key, P represents a generation algorithm, and seed represents a random number seed;
mk=P2M(pk)
where mk represents the private key, P2M represents the algorithm for public-to-private key, and pk represents the public key.
In a second aspect, the present invention further provides an interface data acquisition system based on password-free login in a decoupling state, including:
the authority setting module, configured to establish a password-free login menu authority through the user management system and to authorize a designated user through the password-free login menu authority, the authorized designated user calling an interface at the client;
the information binding module, configured to bind designated user information for the client through the browser, judge whether the designated user is logged in, and, if the designated user is logged in, respond with the interface information and return the data to the client;
the login judging module, configured to judge, if the designated user is not logged in, whether the password-free login permission exists, and to feed back authentication-free information if it does not;
the cracking module, configured to, if the designated user has the password-free login permission, crack identity authentication through an XSS attack or replay attack interceptor, automatically supplement the user password through the user management system according to the currently configured password generation rule to simulate login, and generate related user cache object information;
the response module, configured to respond with the interface information and return the data to the client if the login succeeds, and to feed back abnormal information if the login fails;
the master control module, connected with the authority setting module, the information binding module, the login judging module, the cracking module and the response module, and used for executing the interface data acquisition method based on password-free login in the decoupling state.
In a third aspect, an electronic device is provided, where the electronic device includes a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the above method for obtaining interface data based on password-free login in a decoupled state when the processor executes the computer program.
The technical scheme of the embodiment of the invention has at least the following advantages and beneficial effects:
In the method provided by the invention, after the client is installed, an administrator binds a user to the client and binds the password-free login menu authority to that user. When the client performs password-free login, the request carries a password-free login identifier and the password-free login succeeds directly; after the login succeeds, the interface request is executed, going through cross-site attack and XSS attack interceptor and filter verification, and the data is returned to the client. The method avoids redirecting the user to a login interface when password-free login is carried out, and, by decoupling from the existing service, acquires interface data through password-free login in a hot-pluggable manner.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
The division of the modules presented in this application is a logical division, and there may be other manners of division in practical application, for example, multiple modules may be combined or integrated in another system, or some features may be omitted, or not performed.
The modules or sub-modules described separately may or may not be physically separate, may or may not be implemented in software, and may be implemented in part in software, where the processor invokes the software to implement the functions of the part of the modules or sub-modules, and where other parts of the templates or sub-modules are implemented in hardware, for example in hardware circuits. In addition, some or all of the modules may be selected according to actual needs to achieve the purposes of the present application.
Referring to FIG. 1, the invention provides a method for obtaining interface data based on password-free login in a decoupling state, comprising the following steps:
S101: establishing a password-free login menu authority through a user management system, authorizing a designated user through the password-free login menu authority, the authorized designated user calling an interface at a client;
the user management system in the present embodiment is a software system for managing and maintaining user information. It typically includes functions such as user registration, login, rights management, role management, password reset, user information modification, etc. The user management system can help organizations to effectively manage user information, ensuring security and compliance. It may also help users more conveniently access and manage their personal information. User management systems are commonly used in a variety of scenarios for enterprise-wide systems, websites, applications, and the like.
The client is a program that corresponds to a server and provides local services to the user; it needs to work together with the server. The client as defined here refers broadly to any program that, on an interface that is not logged in, needs to access interface information through password-free login using an account assigned by an administrator.
S102: binding designated user information for the client through the browser, judging whether the designated user is logged in, and, if the designated user is logged in, responding with the interface information and returning the data to the client;
S103: if the designated user is not logged in, judging whether the designated user has the password-free login permission, and, if the designated user does not have the password-free login permission, feeding back authentication-free information;
S104: if the designated user has the password-free login permission, carrying out cracking identity authentication through an XSS attack or replay attack interceptor, automatically supplementing the password of the user through the user management system according to the currently configured password generation rule, and generating related user cache object information;
wherein, XSS attack: malicious instruction code is injected into a web page by exploiting a vulnerability left when the web page was developed, so that a user loads and executes a web program maliciously crafted by an attacker. These malicious web programs are typically JavaScript, but may in fact include Java, VBScript, ActiveX, Flash or even ordinary HTML. After the attack succeeds, the attacker may obtain various things including, but not limited to, higher rights (e.g., to perform some operations), private web content, sessions, cookies, etc.
Replay attack: an attacker sends a packet that the target host has already received in order to deceive the system; it is mainly used against the identity authentication process and undermines the correctness of authentication. Replay attacks may be performed by the initiator or by an adversary who intercepts and resends the data. An attacker uses network interception or other means to steal the authentication credentials and then retransmits them to the authentication server. Replay attacks may occur during any network communication. Many times the data transmitted over the network is encrypted, and the eavesdropper cannot obtain the exact meaning of the data.
S105: if the login succeeds, responding with the interface information and returning the data to the client, and, if the login fails, feeding back abnormal information.
In the method provided by the invention, after the client is installed, an administrator binds a user to the client and binds the password-free login menu authority to that user. When the client performs password-free login, the request carries a password-free login identifier and the password-free login succeeds directly; after the login succeeds, the interface request is executed, going through cross-site attack and XSS attack interceptor and filter verification, and the data is returned to the client. The method avoids redirecting the user to a login interface when password-free login is carried out, and, by decoupling from the existing service, acquires interface data through password-free login in a hot-pluggable manner.
In one embodiment of the present invention, establishing the password-free login menu authority and authorizing the designated user through the password-free login menu authority includes:
acquiring all user information and marking the users who need to be authorized to form a first authority directory; authorizing the designated users according to the user list in the authority directory, and writing an encryption command carrying the authorization information at the time of authorization; and acquiring all user information again, extracting the user information that carries the encryption command to form a second authority directory, and checking the user information in the second authority directory against the user information in the first authority directory; if the two are completely consistent, the authorization process is complete, and if they are inconsistent, an error is reported as feedback.
Specifically, to prevent erroneous authorization when users are authorized, a first authority directory and a second authority directory are set up, and the authorized objects are confirmed to be correct by checking the first authority directory against the second authority directory. The encryption command may be a character string or other encrypted data that can be identified and distinguished.
In one embodiment of the present invention, binding the designated user information for the client through the browser includes:
after the client is installed, acquiring the information of the designated user and checking the encryption command of the designated user; after the encryption command has been checked without error, binding the designated user information for the client through the browser.
Because the interface data is acquired through password-free login, the encryption command of the designated user needs to be checked again, so that an unknown designated user cannot appear.
In one embodiment of the present invention, determining whether the password-free login permission exists includes:
acquiring the encryption command of the designated user information, and decrypting the encryption command to obtain the authorization information; checking the authorization information and judging whether it is correct; if the authorization information is correct, the designated user has the password-free login permission, otherwise the designated user does not have the password-free login permission.
Specifically, writing the encryption command carrying the authorization information includes:
creating a public key and a private key, sending the public key to the client, the client creating a first key and first authorization data, performing hash value calculation on the first authorization data to obtain a first check value, and sending the private key to a data acquisition end that acquires the encryption command of the designated user information; and encrypting the data with the first key and an encryption algorithm to obtain a ciphertext, encrypting the first key with the public key to obtain a second key, and transmitting the ciphertext and the second key to the data acquisition end.
In one embodiment of the invention, decrypting the encryption command includes:
when the data acquisition end requests the authorization information, decrypting the second key with the private key through a decryption algorithm to obtain the first key; decrypting the ciphertext with the first key through a decryption algorithm to obtain second authorization data, and performing hash value calculation on the second authorization data to obtain a second check value; if the first check value and the second check value are consistent, outputting the first authorization data, and if they are inconsistent, refusing the request.
The present invention provides a specific example to explain the above method of the present embodiment:
The public key is obtained by pk=P(seed), where pk represents the public key, P represents the generation algorithm, and seed represents the random number seed; the private key is obtained by mk=P2M(pk), where mk represents the private key, P2M represents the algorithm for public-to-private key, and pk represents the public key.
The public key is sent to the client. Because the information of the designated user has been bound, the client stores the data of the designated user. The client creates a first key and first authorization data, where the first authorization data may be the authorization data of the designated user; hash value calculation is performed on the first authorization data to obtain a first check value, and the first check value is stored. The first key is used to encrypt the data with the I-SM4 encryption algorithm to obtain a ciphertext. The first key is then encrypted with the SM2 public key to obtain a second key, and the ciphertext and the second key are sent to the data acquisition end, wherein the data acquisition end in this embodiment is a port for sending a request and requests to acquire the authorization data or decryption module of the designated user.
The data acquisition end decrypts the second key with the private key through the SM2 decryption algorithm to obtain the first key, decrypts with the first key through the I-SM4 decryption algorithm to obtain second authorization data, and performs hash value calculation on the second authorization data to obtain a second check value. If the first check value is consistent with the second check value, the first authorization data is output; if they are inconsistent, the request is refused.
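The wrap-and-verify exchange described above, as an added Go example that is not code from the patent or its applicant. It assumes RSA-OAEP in place of SM2, AES-GCM in place of I-SM4 and SHA-256 as the hash (Go's standard library has no SM2 or SM4), and that the first check value travels inside the envelope; `Envelope`, `NewKeyPair`, `Seal` and `Open` are names chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrCheckMismatch is returned when the first and second check values differ.
var ErrCheckMismatch = errors.New("check values differ: request refused")

// Envelope is what the client sends to the data acquisition end.
// Carrying Check and Nonce inside it is an assumption of this example.
type Envelope struct {
	Ciphertext []byte // authorization data encrypted under the first key
	Nonce      []byte // AES-GCM nonce (needed by the swapped-in cipher)
	SecondKey  []byte // first key encrypted under the public key
	Check      []byte // first check value: hash of the first authorization data
}

// NewKeyPair creates the private key; the public key is its PublicKey field.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal plays the client: create a first key, hash the authorization data,
// encrypt the data under the first key and wrap that key with the public key.
func Seal(pub *rsa.PublicKey, authData []byte) (*Envelope, error) {
	firstKey := make([]byte, 32)
	if _, err := rand.Read(firstKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(firstKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	secondKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, firstKey, nil)
	if err != nil {
		return nil, err
	}
	check := sha256.Sum256(authData)
	return &Envelope{
		Ciphertext: gcm.Seal(nil, nonce, authData, nil),
		Nonce:      nonce,
		SecondKey:  secondKey,
		Check:      check[:],
	}, nil
}

// Open plays the data acquisition end: unwrap the first key with the private
// key, decrypt, recompute the hash and refuse the request on any mismatch.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	firstKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.SecondKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap first key: %w", err)
	}
	gcm, err := newGCM(firstKey)
	if err != nil {
		return nil, err
	}
	authData, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt authorization data: %w", err)
	}
	second := sha256.Sum256(authData) // second check value
	if subtle.ConstantTimeCompare(second[:], env.Check) != 1 {
		return nil, ErrCheckMismatch
	}
	return authData, nil
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample authorization data.
	env, err := Seal(&priv.PublicKey, []byte("user=alice;free-login=1"))
	if err != nil {
		panic(err)
	}
	data, err := Open(priv, env)
	fmt.Printf("accepted: %q err=%v\n", data, err)
	env.Check[0] ^= 0xff // a check value that no longer matches
	_, err = Open(priv, env)
	fmt.Println("mismatched check value:", err)
}
```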
In a second aspect, the present invention further provides an interface data acquisition system based on password-free login in a decoupling state, including:
the authority setting module, configured to establish a password-free login menu authority through the user management system and to authorize a designated user through the password-free login menu authority, the authorized designated user calling an interface at the client;
the information binding module, configured to bind designated user information for the client through the browser, judge whether the designated user is logged in, and, if the designated user is logged in, respond with the interface information and return the data to the client;
the login judging module, configured to judge, if the designated user is not logged in, whether the password-free login permission exists, and to feed back authentication-free information if it does not;
the cracking module, configured to, if the designated user has the password-free login permission, crack identity authentication through an XSS attack or replay attack interceptor, automatically supplement the user password through the user management system according to the currently configured password generation rule to simulate login, and generate related user cache object information;
the response module, configured to respond with the interface information and return the data to the client if the login succeeds, and to feed back abnormal information if the login fails;
the main control module, connected with the authority setting module, the information binding module, the login judging module, the cracking module and the response module, and used for executing the interface data acquisition method based on password-free login in the decoupling state.
In the practical use of the present invention, the following is described in detail by way of a specific example:
A password-free login menu authority is defined in the user management system service. By default only the administrator has this authority; the administrator can authorize users, and a user with the authority can call an interface at a client. Before the client is operated, the user information is successfully bound for the client in the browser.
The client is then operated. When the interface is called, whether the user is logged in is judged; if so, the next step is executed: the interface information is responded to and the data is returned to the client.
Otherwise, whether the password-free login permission exists is judged by calling the acquisition interface. Whether the call comes from the web or from a server, a PRD-FREE-AUTO parameter is passed in the request header with the value 1 (if it is not passed, it defaults to 0) to request a response.
After the request succeeds, the request parameter is read. If it is 0, authentication-free information is returned. If it is 1, whether the user has the password-free login permission is judged; if the user does not have the password-free login permission, authentication-free information is returned. If the user has the password-free login permission, then, through interceptors for XSS attacks, replay attacks and the like, the user's password is automatically supplemented according to the password generation rule currently configured in the user management system, the login is simulated successfully, and related user cache object information is generated. After the current user has logged in successfully, the next step is executed: the interface information is responded to and the data is returned to the client.
It should be noted that, among the login methods the current system supports, user name and password is taken as the example here; code scanning, mailbox, telephone number and similar logins work on the same principle as user name and password, and the verification code is exempt from verification in password-free login.
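The request flow of this worked example as added Go code, not the patent's implementation: the PRD-FREE-AUTO header only opts a request in, while the permission is looked up on the server from the user bound to the client. The `X-Client-ID` header, the HTTP status codes, the `Gate` fields and the sample users are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"sync"
)

const (
	HeaderFreeAuto = "PRD-FREE-AUTO" // request-header parameter named in the description
	HeaderClientID = "X-Client-ID"   // hypothetical: the page does not say how a client is identified
)

// User is a record in the user management system (fields are assumptions).
type User struct {
	Name      string
	FreeLogin bool // password-free login menu authority, granted by an administrator
}

// Gate holds the server-side state the decision consults.
type Gate struct {
	mu       sync.Mutex
	Bound    map[string]string // client ID -> user bound through the browser
	Users    map[string]User   // user name -> record
	Sessions map[string]bool   // user name -> user cache object exists
	Login    func(User) error  // simulated login by the user management system
}

// Admit walks the flow: logged in -> respond; otherwise the header must be 1
// (absent counts as 0), the bound user must hold the permission, and the
// simulated login must succeed before a user cache object is created.
func (g *Gate) Admit(clientID, freeAuto string) (int, string) {
	g.mu.Lock()
	defer g.mu.Unlock()
	name, bound := g.Bound[clientID]
	switch {
	case !bound:
		return http.StatusUnauthorized, "client is not bound to a user"
	case g.Sessions[name]:
		return http.StatusOK, "already logged in"
	case freeAuto != "1":
		return http.StatusUnauthorized, "not logged in"
	case !g.Users[name].FreeLogin:
		return http.StatusUnauthorized, "no password-free login permission"
	}
	if err := g.Login(g.Users[name]); err != nil {
		return http.StatusInternalServerError, "login failed: " + err.Error()
	}
	g.Sessions[name] = true
	return http.StatusOK, "password-free login succeeded"
}

// Wrap puts the decision in front of an interface handler.
func (g *Gate) Wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		status, reason := g.Admit(r.Header.Get(HeaderClientID), r.Header.Get(HeaderFreeAuto))
		if status != http.StatusOK {
			http.Error(w, reason, status)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// NewDemoGate builds constructed sample data: alice and carol hold the
// permission, bob does not, and carol's simulated login always fails.
func NewDemoGate() *Gate {
	return &Gate{
		Bound: map[string]string{"client-a": "alice", "client-b": "bob", "client-c": "carol"},
		Users: map[string]User{
			"alice": {Name: "alice", FreeLogin: true},
			"bob":   {Name: "bob"},
			"carol": {Name: "carol", FreeLogin: true},
		},
		Sessions: map[string]bool{},
		Login: func(u User) error {
			if u.Name == "carol" {
				return errors.New("password rule rejected")
			}
			return nil
		},
	}
}

func main() {
	g := NewDemoGate()
	for _, c := range []struct{ id, hdr string }{
		{"client-a", ""}, {"client-b", "1"}, {"client-a", "1"}, {"client-c", "1"},
	} {
		status, reason := g.Admit(c.id, c.hdr)
		fmt.Printf("%s %s=%q -> %d %s\n", c.id, HeaderFreeAuto, c.hdr, status, reason)
	}
}
```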
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A method for acquiring interface data based on password-free login in a decoupling state, characterized by comprising the following steps:
establishing a password-free login menu authority through a user management system, authorizing a designated user through the password-free login menu authority, and calling an interface at a client by the authorized designated user;
binding appointed user information for the client through the browser, judging whether the appointed user logs in, and responding interface information if the appointed user logs in, and responding data to the client;
if the appointed user does not log in, judging whether the appointed user has the password-free login permission, and if the appointed user does not have the password-free login permission, feeding back authentication-free information;
if the appointed user has the password-free login permission, carrying out cracking identity authentication through an XSS attack or replay attack interceptor, automatically supplementing the password of the user through a user management system according to a password generation rule configured currently, and generating related user cache object information;
and responding to the interface information if the login is successful, responding the data to the client, and feeding back abnormal information if the login is failed.
2. The method for obtaining interface data based on password-free login in a decoupling state according to claim 1, wherein establishing password-free login menu authority, through which a designated user is authorized, comprises:
obtaining all user information, marking a password-free login identifier for a user needing to be authorized, and forming a first authority directory, wherein the first authority directory records the appointed user;
respectively authorizing the appointed users according to the user lists on the first authority list, and simultaneously writing in an encryption command with authorization information when authorizing;
and acquiring all user information again, extracting the user information with the encryption command to form a second authority directory, checking the user information in the second authority directory with the user information in the first authority directory, completing the authorization process if the user information is completely consistent with the user information in the first authority directory, and continuing reporting error feedback if the user information is inconsistent with the user information in the first authority directory.
3. The method for obtaining interface data based on password-free login in a decoupling state according to claim 2, wherein the binding of the specified user information for the client through the browser comprises:
after the client is installed, acquiring information of a designated user, and checking an encryption command of the designated user;
after the encryption command is checked without errors, user information is bound and appointed for the client through the browser.
4. The method for obtaining interface data based on password-free login in a decoupling state according to claim 3, wherein the determining whether the password-free login permission exists comprises:
acquiring an encryption command of the appointed user information, and decrypting the encryption command to obtain authorization information;
checking the authorization information and judging whether it is correct; if the authorization information is correct, the appointed user is judged to have the password-free login permission; otherwise, the appointed user is judged not to have the password-free login permission.
5. The method for obtaining interface data based on password-free login in a decoupled state according to claim 4, wherein the writing the encrypted command with authorization information comprises:
creating a public key and a private key, sending the public key to a client, creating a first key and first authorization data by the client, performing hash value calculation on the first authorization data to obtain a first check value, and sending the private key to a data acquisition end for acquiring an encryption command of specified user information;
and encrypting the data by using the secret key and an encryption algorithm to obtain a ciphertext, encrypting the first secret key by using the public key to obtain a second secret key, and transmitting the ciphertext and the second secret key to the data acquisition end.
6. The method for obtaining interface data based on password-free login in a decoupled state according to claim 5, wherein decrypting the encrypted command comprises:
when the data acquisition end requests to acquire authorization information, the private key is used for decrypting the second key through a decryption algorithm to acquire a first key;
decrypting the first plaintext by using the first secret key through a decryption algorithm to obtain second authorization data, and calculating a second plaintext through a hash value to obtain a second check value;
if the first check value and the second check value are consistent, the first authorization data is output, and if the first check value and the second check value are inconsistent, the request is refused.
7. The method for obtaining interface data based on password-free login in a decoupled state according to claim 5, wherein creating a public key and a private key comprises:
pk=P(seed)
wherein pk represents a public key, P represents a generation algorithm, and seed represents a random number seed;
mk=P2M(pk)
where mk represents the private key, P2M represents the algorithm for public-to-private key, and pk represents the public key.
8. An interface data acquisition system based on password-free login in a decoupling state, characterized by comprising the following components:
the authority setting module is configured to establish a password-free login menu authority through the user management system, authorize a designated user through the password-free login menu authority, and enable the authorized designated user to call an interface at the client;
the information binding module is configured to bind appointed user information for the client through the browser, judge whether the appointed user logs in, respond to interface information if the appointed user logs in, and respond data to the client;
the login judging module is configured to judge whether the login permission is available or not if the appointed user does not login, and feed back authentication-free information if the login permission is not available;
the cracking module is configured to crack identity authentication through an XSS attack or replay attack interceptor if the appointed user has the password-free login permission, automatically patch the user password to simulate login through a user management system according to a password generation rule configured at present, and generate related user cache object information;
the response module is configured to respond to the interface information if the login is successful, respond the data to the client, and feed back abnormal information if the login is failed;
the main control module is connected with the authority setting module, the information binding module, the login judging module, the cracking module and the response module and is used for executing the interface data acquisition method based on the password-free login in the decoupling state according to any one of claims 1 to 7.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method for obtaining interface data based on a password-free login in a decoupled state according to any one of claims 1 to 7 when executing the computer program.
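The encrypted-command exchange of claims 5 and 6, carried through on both sides. This is an added example, not code from the patent: the claims name no algorithms, so RSA-OAEP, AES-256-GCM and SHA-256 are assumptions, the function names are hypothetical, and an ordinary generated key pair stands in for the key derivation of claim 7.

```javascript
// Added illustration, not code from the patent. RSA-OAEP, AES-256-GCM and
// SHA-256 are assumed; the claims name no algorithms. Function names are hypothetical.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// The public key goes to the client, the private key to the data acquisition end.
function createKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Client side (claim 5): build the encrypted command.
function sealAuthorization(publicKey, authorization) {
  const plaintext = Buffer.from(JSON.stringify(authorization), 'utf8');
  const firstCheck = sha256(plaintext);             // first check value
  const firstKey = crypto.randomBytes(32);          // first key
  const iv = crypto.randomBytes(12);                // fresh nonce per message
  const cipher = crypto.createCipheriv('aes-256-gcm', firstKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const secondKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, firstKey);
  return { ciphertext, iv, tag: cipher.getAuthTag(), secondKey, firstCheck };
}

// Data acquisition end (claim 6): returns the authorization data, or null to refuse.
function openAuthorization(privateKey, command) {
  try {
    const firstKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, command.secondKey);
    const decipher = crypto.createDecipheriv('aes-256-gcm', firstKey, command.iv);
    decipher.setAuthTag(command.tag);
    const plaintext = Buffer.concat([decipher.update(command.ciphertext), decipher.final()]);
    const secondCheck = sha256(plaintext);          // second check value
    if (command.firstCheck.length !== secondCheck.length ||
        !crypto.timingSafeEqual(command.firstCheck, secondCheck)) return null;
    return JSON.parse(plaintext.toString('utf8'));
  } catch {
    return null; // wrong key, modified ciphertext or malformed command
  }
}
```

Anyone who holds the public key can build a command that passes these checks, so the check value detects corruption only; it does not show who produced the authorization data.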
CN202311622374.2A 2023-11-30 2023-11-30 Interface data acquisition method and system based on password-free login in decoupling state Pending CN117478422A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311622374.2A CN117478422A (en) 2023-11-30 2023-11-30 Interface data acquisition method and system based on password-free login in decoupling state

Publications (1)

Publication Number Publication Date
CN117478422A true CN117478422A (en) 2024-01-30

Family

ID=89629441

Country Status (1)

Country Link
CN (1) CN117478422A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination